News & Events

Blog

Cloud Application Discovery and Usage Monitoring

How can my operations, compliance, and help desk staff auto-discover the performance, consumption and impact of our cloud applications?

Overview

Problem: Challenges in troubleshooting and capacity planning due to lack of visibility into cloud-based applications in use, resources consumed, and end-user performance.

Desired Outcome: The IT team needed a simple way to discover and measure SaaS cloud-based applications and resource consumption, prevent unsanctioned applications, and access important information for SLA management.

Solution: Use ExtraHop to discover and monitor all cloud-based and on-premises applications, customize dashboards to show time comparisons, and add a list of unsanctioned applications to the ExtraHop bundle for visibility into usage details.

User Impact: Savings of over 200 personnel hours annually in troubleshooting efforts, and an estimated $20,000 savings per year by reducing several of their SaaS application license counts and renegotiated subscription fees.

Suggested Reading

The Problem

The operations and systems administration staff of a 250-employee medical device manufacturer were tasked with maintaining the company's cloud-based applications to understand usage patterns, resource consumption, and to protect against unauthorized use of unsanctioned applications.

The IT team didn't know all applications in use, the total amount of traffic consumed by their cloud and SaaS based applications, had no visibility into end-user performance, and didn't have the visibility to segment on-premises from cloud-based applications.
They depended exclusively on their SaaS and cloud providers for performance information, found troubleshooting difficult, and had significant concerns regarding compliance and data loss through applications like file sharing services. They also found capacity planning a challenge because they lacked a comprehensive picture of application resource consumption.

Desired Outcome

A simple way to discover and measure SaaS and cloud-based applications

Information that would definitively show resource consumption by type

A means for continuous observation to prevent unsanctioned applications

The IT department realized that these cloud applications posed a serious vulnerability of data leakage, a vulnerability completely out of their hands. They needed to proactively investigate this shadow IT issue but without causing disruption to employees.

The Solution

The company deployed the ExtraHop platform behind a proxy that could decrypt their SaaS-based applications. Extending ExtraHop's Cloud Application Bundle, they quickly began measuring total transactions, performance, and bandwidth consumption on a per application as well as a per cloud category perspective.

The teams created cloud- and SaaS-specific dashboards correlated with internally observed behavior, creating a central source of information that exposed not only all requests, bytes, error codes and rates, but also provided definitive evidence showing performance from their users' perspective, not the SaaS provider's perspective. They modified their dashboards to be able to view end-user performance today compared to seven days ago, so they had an early warning system if their SaaS applications and end-user experience was trending positively or negatively.

They did the same with their on-premises based applications so they could compare and contrast resource consumption by application type. Not only could they diagnose top consumers that could be causing congestion and performance issues but they now had the trend data to inform future capacity needs.

Finally, they added a list of unsanctioned applications to their ExtraHop bundle as a proactive means to identify and act on any unauthorized activity. The compliance team and the CSO were relieved to know that they now had a proactive means to identify and act on any unauthorized activity.

User Impact

Instead of reactively responding to performance issues and being wholly dependent upon the SaaS provider, they were now in control and could hold their providers accountable which the CIO found invaluable. For the first time they had a means to definitively eliminate their own environment as the source of the problem and could identify the specific resources (URIs) that were degraded and correlate that with their overall network performance and utilization by all other applications.

The Director of IT Operations estimated that they've saved over 200 personnel hours annually in unproductive SaaS troubleshooting efforts. The manufacturer was able to demonstrate that 80 users accessed this application only a few times a year so they were able to reduce several of their SaaS application license counts, saving an estimated $20,000 per year. Usage information provided by one of their SaaS providers was used to determine the annual license fee which was, "a bit like the fox guarding the hen house" as the Director of IT said. With ExtraHop's trending data the Director of IT said he feels 12 months ahead on their planning curve. They have a complete understanding of their capacity needs as they grow and can prepare more accurate budgets based on both performance and usage. They can also audit all user, network and application activity to be sure employees are using only authorized cloud file-sharing services.

They have started to expand ExtraHop's security monitoring capabilities—identifying and correlating anomalous behavior focusing first on all engineering file access by client, directory, file, frequency, and volume and correlating that information with other user behavior like outbound activity. Not only do they have a solid perimeter and internal controls for protection, now they can perform real-time internal activity surveillance, putting them in a much stronger position to protect their intellectual property.